Revision 52486603 libavcodec/h264_mp4toannexb_bsf.c

View differences:

libavcodec/h264_mp4toannexb_bsf.c
55 55
                                   int keyframe) {
56 56
    H264BSFContext *ctx = bsfc->priv_data;
57 57
    uint8_t unit_type;
58
    uint32_t nal_size, cumul_size = 0;
58
    int32_t nal_size;
59
    uint32_t cumul_size = 0;
60
    const uint8_t *buf_end = buf + buf_size;
59 61

  
60 62
    /* nothing to filter */
61 63
    if (!avctx->extradata || avctx->extradata_size < 6) {
......
109 111
    *poutbuf_size = 0;
110 112
    *poutbuf = NULL;
111 113
    do {
114
        if (buf + ctx->length_size > buf_end)
115
            goto fail;
116

  
112 117
        if (ctx->length_size == 1)
113 118
            nal_size = buf[0];
114 119
        else if (ctx->length_size == 2)
......
119 124
        buf += ctx->length_size;
120 125
        unit_type = *buf & 0x1f;
121 126

  
127
        if (buf + nal_size > buf_end || nal_size < 0)
128
            goto fail;
129

  
122 130
        /* prepend only to the first type 5 NAL unit of an IDR picture */
123 131
        if (ctx->first_idr && unit_type == 5) {
124 132
            alloc_and_copy(poutbuf, poutbuf_size,
......
139 147
    } while (cumul_size < buf_size);
140 148

  
141 149
    return 1;
150

  
151
fail:
152
    av_freep(poutbuf);
153
    *poutbuf_size = 0;
154
    return AVERROR(EINVAL);
142 155
}
143 156

  
144 157
static void h264_mp4toannexb_close(AVBitStreamFilterContext *bsfc)

Also available in: Unified diff